IONOS Content Delivery Network (CDN) is a network of servers located across the IONOS global edge network to speed up the delivery of static and dynamic web content to users. CDN uses Anycast routing in IONOS' global backbone network infrastructure, comprising multiple highly available edge locations where the content is distributed, offering reduced latency and high reliability of content loading on websites.

With CDN, users benefit from improved website performance. It provides the scalability to handle large spikes in traffic, making it ideal for websites and applications with a global audience. CDN offers advanced security features such as encryption, DDoS Layer 7 protection, secure token authentication, and Web Application Firewall (WAF), making it a versatile choice for secure content delivery and safeguards against cyber threats. For more information, see Features and Benefits and Use Cases.

CDN uses IONOS’s global infrastructure to accelerate content delivery through a network of strategically placed servers. It is currently available in data centers located in Germany (Berlin and Frankfurt), Spain, and the United States. The network will continue to grow, bringing servers closer to the user base.

The CDN setup allows the administrator to create new CDN distributions and specify the origin servers for the CDN. The setup supports various origin types, such as S3 buckets, load balancers, and custom origins. For a CDN distribution, you can enable SSL/TLS support and manage these certificates to ensure a secure content delivery. CDN lets you configure up to twenty-five routing rules where geo-restriction can be managed on a per-distribution basis, and you can choose to enable WAF and Caching properties. You can configure and manage the CDN distributions via the DCD. For more information, see .

How does CDN work?

When a user sends a request for the first time to fetch content on your website, the user request is routed to the CDN edge server located closer to the user. The CDN requests content from the origin server, transfers the static content from the webserver to its cached memory, and sends the retrieved content to the user.

When a user requests the same data content the next time, the CDN retrieves the content from its cached memory and immediately delivers it to your website. When the content is cached in the edge server, the CDN provides it immediately with minimal or zero latency, thus improving the web application performance and reducing data traffic.

The illustration shows how the user's request for content is managed efficiently by using CDN edge servers and the flow of content between the user, origin server, CDN edge location, and cached memory. The overall CDN is built on top of the IONOS network infrastructure.

Caching in CDN refers to storing copies of web content at multiple edge servers across various geographical locations. It allows users to access content from a server that is geographically closer to them, improving the speed and efficiency of content delivery.

Features

• Static Content Caching: Static content like HTML, CSS, JavaScript files, images, and videos are cached in the CDN edge servers. Caching is based on the request method GET or HEAD

Web Application Firewall (WAF) is a security feature integrated with CDN designed to protect users' web applications from cyber threats and attacks, thus facilitating improved application performance.

WAF serves as a fully managed Access Control List (ACL) that offers predefined rule sets that you can use to quickly implement security control against known vulnerabilities without manually having to set rule sets.

By default, the WAF is set to OFF state. WAF can be enabled on a per-routing-rule level for your CDN distribution. It ensures that the origin servers behind your domain are protected based on the attack detection rules defined by . You can set WAF to an ON state via the DCD or API; enabling WAF incurs an additional cost.

In IONOS CDN, the current maximum request body size that is analyzed is ~15 MB, and only Content-Type, which is handled by the OWASP® CRS, is analyzed by the WAF. When the WAF is unavailable or cannot process the request, the CDN continues to process it without canceling it.

With IONOS Content Delivery Network (CDN), you can quickly deliver web content and applications to users with exceptional availability and performance. CDN offers a range of security features, including Layer 7 Distributed Denial of Service (DDoS) protection and a Web Application Firewall (WAF), making it an adaptable and secure solution for content delivery.

Based on CDN features and benefits, the following are a few key use cases:

• Website Performance Optimization: The CDN's ability to cache static content and deliver it from edge servers nearest to the user's location significantly reduces website load time, ensuring that users experience minimal latency regardless of their geographical location.

• Dynamic Content Delivery: Leveraging CDN edge servers for deploying computational resources leads to reduced latency in the response time for dynamic content requests.

• Software Distribution: With improved download speeds and reduced latency, you can use CDN to distribute software updates and patches to users worldwide.

• API Request Optimization: By caching API responses using edge servers, you can accelerate access to backend services using the API.

The following are a few limitations to consider while using CDN:

• Limited Points of Presence (PoPs): CDN currently offers network edge servers focused on the European region and will soon extend the PoPs to other locations.

• Restricted Customizations: You can only turn the Caching and WAF settings on or off. The option to customize these in the routing rule is not available.

• Distributions: A maximum of twenty distributions can be created per contract. If the quota needs to be increased, contact

To create and manage CDN distributions via the DCD, refer to the following:

Once a CDN distribution is successfully created, the distribution is listed on the Distribution overview page

To update the CDN distribution details, follow these steps:

2. In the Distribution overview, select the CDN distribution to update.

3. In the Details & Edit CDN distribution, update the distribution details needed:

• Properties: Refers to the Domain and SSL certificate details of the distribution. To update these details, see Define distribution properties.

• Edit routing rule: This rule defines the rules for routing content requests to this CDN distribution. To update these details, see .

• Delete routing rule: Use this option to delete an existing routing rule.

• Add routing rule: You can create a routing rule. To do so, follow the steps in .

• You can drag and drop the routing rules to change the precedence of the rules to apply to the CDN distribution.

4. Click Save to update the CDN distribution details with the changes made.

Once a CDN distribution is successfully created, the distribution is listed on the Distribution overview page.

To view the CDN distribution details, follow these steps:

• In the DCD, go to Menu > Network Services > CDN.

View details of a selected CDN Distribution

For the selected CDN distribution, you can view the following details:

• System Information: The following system information related to the distribution is displayed:

  • State: Displays the state of the distribution.

  • UUID: The unique ID of the CDN distribution.

  • Resource URN: A Uniform Resource Name (URN) that uniquely identifies the resources of the distribution, which is represented as

• Properties: Refers to the Domain and SSL certificate details of the distribution. For more information, see .

• Routing rules: Refers to the rules defined for handling the routing of content requests to this CDN distribution. For more information, see .

With CDN APIs, contract administrators, owners, and users with the required permissions can create and manage CDN distributions.

To delete a CDN distribution, follow these steps:

2. From the Distribution overview page, select the distribution you want to delete. On this page, all the CDN distributions created are listed.

3. In the Options column for the selected distribution, click and select Delete.

To create a CDN distribution, perform a POST request.

A CDN distribution refers to the specific configurations that define how the content is delivered by the CDN to the users. You can create one or more CDN distributions under your contract as needed.

To create a CDN distribution, follow these steps:

2. Click Create CDN distribution from the Distribution overview page.

3. Configure the following details for a CDN distribution:

To delete a CDN distribution, perform a DELETE request with the distributionID of the CDN.

To set user privileges using the Cloud API for managing Cloud CDN distribution, follow these steps:

1. Authenticate to the Cloud API using your API credentials.

Features

• CDN Distributions: Configure the instructions and resources that define how content is delivered from the origin server to the users through the CDN.

• SSL/TLS Encryption: With SSL/TLS support in CDN, data transmitted between the CDN edge servers and users is encrypted, ensuring secure data transmission and reliability of content delivery through CDN networks. CDN also offers the flexibility to upload custom SSL certificates that suit your organization's requirements. It also supports the auto-renew of SSL certificates based on a certificate provider like ACME via .

• : CDN offers a critical security feature, WAF, that provides an additional layer of security for web applications.

• DDoS Layer 7 Protection: You can enable DDoS protection at layer 7 of the Open Systems Interconnection (OSI) model, which protects web applications against distributed denial-of-service attacks.

• : CDN caches static content such as images, CSS files, and scripts at edge servers, reducing the load on the origin server and speeding up content delivery to users. With these rules, you can control how content is delivered, cached, and optimized for users.

• Routing Rules: With CDN, configure how incoming user requests are handled and routed within the CDN infrastructure. At least one routing rule for an origin server must exist, and a maximum of twenty-five routing rules are possible. The rules are applied in the defined sequence, meaning the first routing rule will have the highest precedence.

• Geo-Based Routing: With this routing mechanism, CDN allows users to route traffic based on the geographic location of users. This ensures that users are served content from the nearest edge server, reducing latency and improving overall performance.

• Geo-Restrictions: With this feature, you can configure to block or allow countries to access the CDN distribution. Users can specify the geolocation parameters to block access from specific countries or regions. This can help prevent malicious traffic from specific locations and limit content delivery to only allowed geographical areas. You can also choose to allow countries or regions and restrict access to only the allowed countries list.

• Rate Limiting: You can choose to limit the rate of incoming requests from specific IP addresses to the CDN. For more information, see .

Rate Limit Class

Rate limiting controls the number of incoming ingress requests to the CDN from clients behind the same IP address within a specific timeframe. Rate limits can be configured for each routing rule, including the scheme, hostname, and path prefix. Rate limits apply to both cached and uncached content. IONOS CDN rate limits do not restrict outgoing egress connections from the CDN to the origin server.

By default, a limit of 100 requests per second is applied per routing rule, when the rate limit value is set to R100.

Following are the rate limit classes that can be configured:

• R1: Allows up to 1 request per second, per client IP and routing rule.

• R5: Allows up to 5 requests per second, per client IP and routing rule.

• R25: Allows up to 25 requests per second, per client IP and routing rule.

• R50: Allows up to 50 requests per second, per client IP and routing rule.

Consider the following factors when choosing a rate limit class:

• The rate limit applies to both cached and uncached content.

• A CDN provides implicit flood protection for your origin server by serving cached content. However, uncached or uncacheable content must still be retrieved from your origin server, and these requests are not explicitly rate-limited. For example, a DDoS attack originating at 2000 IPs requesting uncacheable content could generate requests up to 2000 times the configured request rate.

• You may prefer a lower rate limit to reduce the likelihood of unreasonable requests to the web content. Conversely, if you aim to serve all requests to the CDN as quickly as possible, you could opt for a higher rate limit.

Benefits

• Faster Website Loading: CDN delivers content from servers nearest to the user, thus reducing latency and improving page load times. This results in a better user experience and positively impact Search Engine Optimization (SEO) rankings.

• Scalability: CDNs are designed to handle high traffic loads and can easily scale based on demand. This ensures that websites and applications remain responsive even during traffic spikes.

• Enhanced Security: With DDoS Layer 7 protection, WAF, and SSL/TLS encryption, CDN helps safeguard websites and applications against online threats.

You can retrieve the list of all IP addresses using pagination and optional filters. The number of results displayed on each page depends on the following values:

• limit limits the number of response elements.

• offset specifies the starting point within the collection of resource results returned from the server.

Endpoints

Use the following endpoint to retrieve all IP adresses: https://cdn.de-fra.ionos.com

Request

Request Header Parameters

To make authenticated requests to the API, the following fields are mandatory in the request header:

Response

A 200 message confirms that all public IP addresses are successfully retrieved.

Users need appropriate privileges to create and manage CDN distributions. Cloud CDN has a new group privilege called Access and manage CDN. This privilege must be enabled for a group so that the members of this group inherit it through group privilege settings and can manage the CDN distributions.

To set user privileges to manage CDN distributions, follow these steps:

1. In the DCD, go to Menu > Management > Users & Groups.

2. Select the Groups tab in the User Manager window.

3. Select the appropriate group to assign relevant privileges.

4. In the Privileges tab, select Access and manage CDN.

Revoke user privileges

You can revoke a user's Access and manage CDN privilege by removing the user from all the groups with this privilege enabled.

To revoke this privilege from a contract administrator, disable the administrator option on the user account. After performing this action, the contract administrator will become a contract user, and the privileges that were set up for the user before becoming an administrator will then be in effect.

To retrieve all the CDN distributions under a contract, perform a GET request.

To update an existing CDN distribution, perform a PUT request with the distributionID of the CDN. The CDN distribution for a given distributionID is updated with the provided distribution details.

Endpoint

Use the following endpoint to create or update a CDN distribution: https://cdn.de-fra.ionos.com/distributions/{distributionId}.

Request

Response

200 Successful operation

Following is an example of when a CDN distribution is successfully created.

To retrieve a CDN distribution, perform a GET request with the distributionId of the CDN.

The following are a few FAQ to provide insight into the CDN product.

Fundamentals

What is a CDN?

A Content Delivery Network (CDN) is a system of distributed servers strategically placed worldwide to deliver web content and applications more quickly and reliably. CDN caches content at edge locations closer to the end users and delivers content with reduced latency and improved load times, ensuring a better user experience. CDN offers enhanced security and scalability and protects against various DDoS attacks. For more information, see .

Why do I need a CDN?

With CDN, you can experience faster loading times for web applications with high reliability of content delivery with globally distributed edge servers and delivering content to users from the closest server. For more information on how CDN best suits your business, see and .

How does a CDN improve my website performance?

A CDN works by caching content on servers located close to your users. When a user requests content from your website or application, the CDN server will deliver it from its cache rather than from your origin server. Additionally, an origin server is relieved of cacheable requests, leaving it with more resources available for processing non-cacheable requests. These aspects overall speed up your website performance.

What is the difference between an edge server and an edge region?

An edge location is a specific data center within the CDN network housing multiple edge servers where content is cached. An edge region is a broader geographic area containing numerous edge locations to ensure high availability. IONOS CDN leverages both to ensure optimal content delivery.

How does using a CDN impact my origin server's bandwidth?

Using a CDN significantly reduces the bandwidth required from your origin server by caching content at edge locations. Hence, it offloads the heavy lifting to the CDN, allowing you to maintain a smaller, more cost-effective infrastructure with fewer resources.

How can I ensure high availability with IONOS CDN?

IONOS CDN is designed for high availability with a redundant, distributed network of edge servers. In the event of a server failure, traffic is automatically rerouted to ensure uninterrupted access to your content. ​Even if your origin server is offline, our edge servers may still have some cached content and serve that "stale" content in its place, keeping your website available.

Is dual stack supported in CDN?

Yes. Both IPv4 and IPv6 are supported. This ensures that your content is accessible to users on IPv4 and IPv6 networks, helping future-proof your web services and ensuring broad accessibility. Our edge servers can also access your origin servers via public IPv4 and IPv6 addresses.

Is there a CDN API for automation?

Yes, we provide a comprehensive CDN API complemented by a GO SDK and Terraform tooling that allows for the automation of various CDN-related tasks. This ensures seamless integration with your DevOps workflow.

Getting started

How can I get started with using IONOS CDN?

To get started with IONOS CDN, sign up for an account with IONOS Cloud. Once you have signed up, configure CDN distributions for your domain via the or .

How do I integrate CDN with my existing infrastructure?

To integrate CDN with your existing infrastructure, you need to create a CDN distribution with routing rules for the domain after which an IPv4 and IPv6 Anycast IP address is provided which is needed to configure the domain's DNS settings for the CDN distribution to be fully functional. For more information, see .

Is access management possible for CDN operations via the DCD and API?

Yes. Contract administrators and owners can enable access to sub-users to manage CDN by providing the “Access and Manage CDN” group privilege. For more information, see Set User Privileges via the and . You can also view audit logs for CDN operations via the functionality.

How can I get the best from IONOS CDN?

IONOS CDN is best complimented by using for your domain's DNS management and utilizing or as the origin servers. This will ensure traffic stays in IONOS networks for optimal content delivery.

Are there limits to how many CDN distributions I can create?

You can create up to twenty CDN distributions per contract, and each distribution can be configured with up to twenty-five routing rules.

What is the price model for using IONOS CDN?

CDN distribution is charged monthly; additional charges apply when enabling WAF on individual routing rules. For more information, see .

Caching

What if the origin server goes down?

If the origin server goes down, IONOS CDN will continue to serve cached content until the cache expires. This provides a level of redundancy that helps maintain content availability during origin server outages.

What is the caching policy?

Using the Caching policy, you can define how long the content cached in the edge server must be retained. IONOS CDN has a default caching behavior in which the content is cached based on status code HTTP 200 from the origin server and cache-control headers. For more information, see .

Can I set custom caching rules for my content?

No. Custom cache rules are currently not supported. For your CDN distribution, you can only enable or disable caching on a per-routing rule basis.

Does IONOS CDN set Cache response headers?

Yes, X-CDN-Cache-Status set as a header to responses indicates whether a resource is cached or not. For more information, see .

Is disabling caching for a CDN routing rule equivalent to a purge operation?

No, disabling caching does not automatically delete the cache contents. Content will remain until expiry. When caching is disabled, the requests are always forwarded to the origin server.

Security

How secure is data transferred through the CDN?

Data transferred through IONOS CDN is secured using SSL/TLS encryption to prevent unauthorized access and ensure data integrity. To enforce this, configure HTTPS as the protocol for the corresponding routing rule and provide a publicly trusted, valid TLS certificate for either the origin server's name or the website's configured name. Multi-layered DDoS protection and WAF features also offer added security against threats.

What are the IP addresses of the IONOS CDN edge servers?

To retrieve the IP addresses of IONOS edge servers, see . They currently belong to the following ranges:

• If your origin is hosted on IONOS Cloud and protected by firewall rules, you can use the above IP addresses to allow inbound traffic to your origin only from IONOS CDN’s origin-facing servers, preventing any non-CDN traffic from reaching your origin.

• If the origin is an Object Storage bucket, a can be set up to restrict access only from the above IP addresses.

• The same list can also be used as a list of “trusted” IPs for Apache httpd’s , Nginx’s module, or similar features in other software to restore the original client's IP address in requests reaching the origin server.

Can geo restrictions be applied to domains using CDN?

Yes. Geo restriction can be optionally applied for CDN distributions. You can either create a ”block” list or an “allow” list of countries to restrict access to your domain.

Does CDN support rate limiting of requests?

Yes. You can configure rate limits for every CDN routing rule to control the number of incoming requests on a per-client IP basis for a given edge server. A response header X-WS-RateLimit-Limit indicates which rate limit is configured. Each edge server and routing rule has its bucket for the client IP limits and will not be shared across all routes or edge servers. For more information, see .

How does CDN handle SSL/TLS certificates?

CDN supports SSL/TLS encryption for secure data transmission. Remember to use valid certificates from recognized and reputable Certificate Authorities (CAs). You can manage and store TLS certificates using the Certificate Manager to terminate HTTPS connections from the internet. The Automatic Certificate Management Environment (ACME) protocol automatically renews TLS certificates. For more information, see .

What protection does WAF provide on CDN?

can be enabled on a per-routing-rule level for your CDN distribution. It ensures that the origin servers behind your domain are protected based on the attack detection rules defined by OWASP® CRS.

Does CDN support sniMode?

Yes, CDN supports mode particularly in the context of Secure Sockets Layer SSL or Transport Layer Security (TLS) communications. Specify the following mandatory properties to configure sniMode in CDN for outgoing connections to the upstream host: